Azure AD Attack & Defense Playbook
This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected. All of the included scenarios, insights and comments are based on experiences from the contributors during their attack simulations, hands-on or real-world scenarios. It should be considered a living document, which will be updated as practices progress &...
TinyCheck – Spotting Malicious Networks With Ease
Description TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). The idea of TinyCheck emerged...
ProtoBurp++: Elevating Protobuf Security Research
A game-changer in cybersecurity tooling, designed to take Protobuf fuzzing and encoding in Burp Suite to new heights. Dive in to explore its enhanced capabilities and features, setting a new benchmark in security research. This is an updated version of ProtoBurp by Dillon Franke, with enhanced features and capabilities. We called this version ProtoBurp++ to distinguish the tool from the original project. Description ProtoBurp++ is...
Donut-Decryptor : Unmasking Binary Secrets
Navigating the maze of binary obfuscation? Meet the "Donut-Decryptor", a tool tailored to decode the elusive Donut obfuscation. Dive in to unravel its capabilities and bring clarity to concealed code. Beyond mere decryption, it’s a spotlight in the shadowy corridors of cybersecurity. A must-have for those battling coded enigmas. A configuration and module extractor for the donut binary obfuscator. Description donut-decryptor checks file(s) for...
BucketLoot – An Automated S3 Bucket Inspector
Thousands of S3 buckets are left open on the internet, which makes them an easy target for bad people who want to get private information from the files in these buckets that can be tied to a person or an organization. There isn't much study or software that can use these S3 buckets to find secret exposures and search...
Kubetools – A Curated List of Kubernetes Tools
There are more than 450+ Kubernetes Certified Service Providers and tons of Kubernetes Certified distributions. Choosing a right distribution can be a daunting task. Kubetools is built with a purpose to build a curated list of popular Kubernetes tools. It is actively maintained by Collabnix Slack Community. Top Featured Kubernetes Tools(Sep 2023) Node Problem Detector Karpenter Kubestalk K8sGPT Kubeshark Monokle Numaflow Otterize Botkube K9s Table Of Contents Categories Pods Cluster Management Cluster with Core CLI tools Alert and Monitoring Logging and Tracing Troubleshooting /...
Caro Kann – Evading Kernel Scans with Encrypted Shellcode
In the ever-evolving game of cybersecurity, encrypted shellcode injection emerges as a formidable method to sidestep defenses. This article unveils the "Caro Kann Defense"—a savvy technique designed to evade memory scans, drawing inspiration from the world of chess. Dive in to uncover the strategy behind this stealthy approach. Encrypted shellcode Injection to avoid memory scans triggered from Kernel (ETWti...
SSB – A Faster & Simpler Way to Bruteforce SSH Server.
Secure Shell Bruteforcer - A faster & simpler way to bruteforce SSH server. In the evolving world of cybersecurity, speed and efficiency are paramount. Enter Kitabisa SSB, a Go-powered tool designed to revolutionize the approach to SSH bruteforcing. Offering a streamlined installation process and user-friendly options, it's a must-have for professionals seeking a faster and simpler way to test SSH server security. Installation From...
Furlzz – Advanced iOS URL Scheme Fuzzing Made Easy
Furlzz is a small fuzzer written to test out iOS URL schemes. It does so by attaching to the application using Frida and based on the input/seed it mutates the data and tries to open the mutated URL. Furlzz works in-process, meaning you aren't actually opening the URL using apps such as SpringBoard. furlzz supports universal links which are...
ReconAIzer – Enhancing Burp Suite With OpenAI
ReconAIzer is a powerful Jython extension for Burp Suite that leverages OpenAI to help bug bounty hunters optimize their recon process. This extension automates various tasks, making it easier and faster for security researchers to identify and exploit vulnerabilities. Once installed, ReconAIzer add a contextual menu and a dedicated tab to see the results: Prerequisites Burp Suite Jython Standalone Jar Installation Follow these steps to...